Nations Buying as Hackers Sell Flaws in Computer Code New York Times (07/13/13) Nicole Perlroth; David E. Sanger

All over the world, hackers are finding and selling "zero days," software coding flaws that can give a buyer unfettered access to a computer and any business, agency, or individual dependent on one. Until very recently, most hackers sold knowledge of the coding flaws back to the manufacturers so they could be fixed. But today the market for information about computer vulnerabilities has turned into a gold rush. Last month, Microsoft increased its top offer for zero days to $150,000. However, software firms increasingly are being outbid by countries with the goal of exploiting the flaws in pursuit of cyber-espionage missions. "Governments are starting to say, 'In order to best protect my country, I need to find vulnerabilities in other countries,'" says former White House cybersecurity coordinator Howard Schmidt. "The problem is that we all fundamentally become less secure." To connect the sellers and buyers, several well-connected brokers now market information on the flaws in exchange for a 15-percent cut. Meanwhile, many technology companies have started "bug bounty" programs, in which they pay hackers to tell them about bugs in their systems instead of keeping the flaws to sell to the highest bidder.

A plan to dramatically increase the number of possible Web addresses could cause widespread disruption to Internet operations, according to some industry officials. New Internet domains could be going live at a pace of 20 or more every week by the end of the summer. Web experts say the speed and scale of the expansion could impact the Internet's global infrastructure, which relies on interactions among computer networks owned by companies, universities, and individual users. One major issue could be "name collisions," which occur when domains used by internal corporate computer systems get assigned to the Web more broadly; this could lead to system failures, email blockages, and the theft of sensitive information. The Internet Corporation for Assigned Names and Numbers (ICANN) has not done enough research on the impact of the new domain names and does not have procedures in place to respond quickly if systems malfunction, warns Verisign's Danny McPherson. However, the plan's defenders argue that the potential problems have been long understood and will be resolved before new domains are approved. "We want everything to work, and we're going to try to make everything work, but we can't control everybody's networks on the planet," says ICANN's Jeffrey Moss.

The United States has the greatest potential of any country to develop disruptive technological breakthroughs, as it was cited as the most promising nation for innovation by 39 percent of respondents in this year's worldwide KPMG survey of 811 technology business leaders. Last year China tied with the United States, with each country cited by 29 percent of respondents. This year China claimed 24 percent of respondents, and India claimed 10 percent. "People are a bit more optimistic and bullish on the U.S.," says KPMG's Gary Matuszak, who believes the change is due to U.S. economic gains and China's slowing economy. In addition, the number of respondents who believe that Silicon Valley will lose its stronghold as the "technology innovation center of the world" to another nation within four years has dropped from 44 percent last year to 33 percent this year. "It's very difficult--very difficult--for any one individual country, let alone a city, to develop the ecosystem and the infrastructure that exist in the valley," Matuszak says.

University of Leicester researchers are using two scanning techniques to create a detailed three-dimensional (3D) digital visualization of King Richard III's grave, which was located by archaeologists in Leicester last September. Laser scanning together with digital photogrammetric techniques helped generate an interactive map of the grave, enabling a reconstruction that will preserve the grave as it was when the king's skeleton was exhumed. Postgraduate researcher David Ackerley placed a terrestrial laser scanner at certain points around the grave to map the precise shape. The instrument uses Light Detection and Ranging technology to transmit laser pulses in a 360-degree arc and track the time required to bounce off a surface and return to the scanner. Data from each measuring point was merged into a 20-million-point cloud that shows details such as exact soil textures of the grave walls. The data will be converted into a triangulated irregular network surface and merged with a survey produced via digital photographs. Visiting academic Jose Manuel Valderrama Zafra took more than 80 grave pictures from various perspectives and used modeling software to create a 3D model. By mapping the 3D model onto the surface derived from the laser scans, the researchers hope to add depth and context to the surface to see colors, features, and exact shapes and dimensions.

Massachusetts Institute of Technology Media Lab researchers have created a three-dimensional (3D) printed dome using 6,500 live silkworms in a hybrid fabrication method called CNSilk. Led by professor Neri Oxman, the project began as an experiment to test whether silkworm spinning patterns could be controlled by altering their environment. Upon discovering that the patterns could be controlled, Oxman developed a computer-aided design (CAD) program to control output. The team then built an aluminum scaffold, across which a computer numerical controlled robot wove silk starter threads to provide a framework. Thousands of silkworms then spun a dome over the frame, with Oxman manipulating material properties using the CAD program. The opacity of panels depended upon the density of the starter strings, and the integrity of the structure emerged from their orientation. "The silkworm embodies everything an additive fabrication system currently lacks," Oxman says. "In more than one way, a silkworm is a sophisticated multi-material, multi-axis 3D printer." Today, most 3D printers cannot print anything larger than a car's steering wheel, but the silkworms could create structures the size of a small house.

Researchers at the University of California, Berkeley and Google recently conducted a study examining user behavior in relation to security warnings displayed by Web browsers. The researchers found that security warnings are much more effective at deterring risky Internet behavior than was previously believed. The study focused on how users reacted to warnings displayed by Mozilla's Firefox and Google's Chrome browsers. In both cases, less than 25 percent of users chose to ignore malware and phishing warnings, and only about 33 percent of users ignored Firefox's SSL warnings, according to the study. "This demonstrates that security warnings can be effective in practice; security experts and system architects should not dismiss the goal of communicating security information to end users," the researchers say. The study also found that more technical users, such as those who used Linux and pre-release browsers, were more likely to bypass security warnings. "Technically-advanced users might feel more confident in the security of their computers, be more curious about blocked websites, or feel patronized by warnings," the researchers say.

Rice University researchers have developed a one-kilobit rewritable silicon oxide device with diodes that eliminate data-corrupting crosstalk. The researchers say the chip demonstrates that it should be possible to go beyond the limitations of flash memory in packing density, energy consumption per bit, and switching speed. The crossbar memories are flexible, resist heat and radiation, and could be used for stacking in three-dimensional arrays. The diodes eliminate crosstalk by keeping the electronic state on a cell from leaking into adjacent cells. "It wasn't easy to develop, but it's now very easy to make," says Rice University professor James Tour. The device sandwiches the active silicon oxide between layers of palladium. The combined layers rest upon a thin layer of aluminum that combines with a base layer of p-doped silicon to act as a diode. "We've already demonstrated the native sub-5-nanometer filament, which is going to work with the smallest line size industry can make," Tour says. He also notes that the devices are robust, with an on/off ratio of about 10,000 to one, over the equivalent of 10 years of use. "It will be industry's job to scale this into commercial memories, but this demonstration shows it can be done," Tour says.

Quantum Version of Nazi Enigma Machine Is Uncrackable New Scientist (07/09/13) Jacob Aron

Massachusetts Institute of Technology's Seth Lloyd has developed a theoretical quantum Enigma machine, modeled on the devices used to transmit the Enigma code that Alan Turing and fellow codebreakers deciphered during World War II. In an effort to find alternatives to quantum key distribution, Lloyd conceptualized a quantum version of the Enigma machine, which is similar to a typewriter with a panel that offers encryption instructions for each letter. The path for each letter varies every time the letter is used, based on rotor settings that function as the key. The encrypted message can then be typed into another Enigma machine and read, if the second user knows the settings. Turing and others were able to crack Enigma's keys by making educated guesses about message contents. Thus an increase in information about the message weakened the key. In Lloyd's version of the machine, he replaces electricity and rotors that change the settings with photons that have the quantum ability to follow two paths at once. With quantum mechanics, an increase in information about the message does not considerably weaken the key as it did for Turing. Lloyd is currently trying to create a physical machine, which he says could resemble a typewriter.

California Institute of Technology researchers have created an app called CrowdShake that provides early earthquake warnings by converting a smartphone's accelerometer into a seismometer. "In the Pasadena area, which is a relatively small community--it's hardly 10km across--we have hundreds and hundreds of volunteers that we give a very small low-cost accelerometer to, it's actually a seismometer," says Richard Guy, who manages Caltech's Community Seismic Network. The seismometers plug into a PC or router, and pick up vibrations caused by tremors. However, the device's cost and the failure of some volunteers to install the software presented obstacles, so the group sought an application that required no hardware to purchase or maintain. "The accelerometer is already in the phone, the location is something the phone knows, it's not something that a person has to tell it," Guy notes. "And of course your smartphone knows exactly what time it is." The accelerometer serves as a sensor gathering vibration data, which is analyzed and then returned to the community with warnings when necessary. In addition to the Community Seismic Network, the California Integrated Seismic Network's Earthquake Early Warning System operates a computer network of seismometers that monitor vibrations at about 400 stations.

Breakthrough Could Lead to 'Artificial Skin' That Senses Touch, Humidity, and Temperature American Technion Society (07/08/13) Kevin Hattori

Technion-Israel Institute of Technology researchers say they have made a flexible sensor out of tiny gold particles that could be used to create electronic skin. The sensor can simultaneously sense touch, humidity, and temperature, and is at least 10 times more sensitive than other e-skin systems, says Technion professor Hossam Haick. The sensor uses monolayer-capped nanoparticles that are less than 8 nanometers in diameter, made of gold, and surrounded by connector molecules called ligands. "Monolayer-capped nanoparticles can be thought of as flowers, where the center of the flower is the gold or metal nanoparticle and the petals are the monolayer of organic ligands that generally protect it," Haick says. The researchers found that when the nanoparticles are laid on top of a substrate, the resulting compound conducted electricity differently depending on how the substrate was bent, meaning the sensor can detect a wide range of pressures. "The development of the artificial skin as biosensor by professor Haick and his team is another breakthrough that puts nanotechnology at the front of the diagnostic era," says the Sheba Medical Center's Nir Peled.

A multi-university effort that allows both brain activity and eye movement to be monitored at the same time via unique signal-processing methods could be applied toward car crash prevention, among other things. Collaborating researchers at the University of Leicester and the University of Buenos Aires have integrated high-speed eye tracking that records eye movements with high-density electroencephalograph (EEG) technology that precisely quantifies electrical brain activity through electrodes on the scalp. "We have managed to overcome the challenges that were standing in the way of integrating [eye-tracking and EEG] technologies," says lead researcher Matias Ison. "This is already leading to a much better understanding of how the brain responds when the eyes are moving." The advancement might eventually lead to an in-car system that automatically alerts drivers when they are drowsing off, with the eye tracker searching for erratic gaze patterns while the EEG monitors for brain activity indicative of early-onset sleepiness. The research team thinks the breakthrough could one day make physical interaction with computer game interfaces unnecessary for players. Instead, eye movement and brain activity data would be collected and processed to indicate the player's desired action. "We hope to see the first of these [systems] starting to become feasible within the next three to five years," Ison says.

Pennsylvania State University (PSU) researchers have found that people express more positive feelings toward a robot that takes care of them than toward a robot that needs care. "How the robot is presented to users can send important signals to users about its helpfulness and intelligence, which can have consequences for how it is received by end users," says PSU professor S. Shyam Sundar. The researchers observed 60 interactions between college students and a social robot called Nao. The participants either helped Nao calibrate its eyes, or the robot could examine the participants' eyes and make suggestions to improve their vision. The participants then answered questions about their feelings toward Nao. The researchers found that when "(humans) perceive greater benefit from the robot, they are more satisfied in their relationship with it, and even trust it more," Sundar says. In the future, the researchers hope to confirm these experimental results in real-life situations where caretaker robots are already working.